Open InitRoot opened 5 years ago
Please write what exactly the error is. What result do you expect to see, and what happens?
The application doesn't properly sanitize user input; as a result, it's possible to perform client-side attacks through the Preview function.
The issue is that the Wiki Editor function, whenever HTML code is submitted, directly submits it as HTML. Such input should be sanitised, and code should only be ingested if it is within the code formatting. Example here of simple JavaScript code, however, wrapped properly.
Even when wrapped, the code gets ingested as a payload and executed, resulting in client-side code execution. Here is the HTML view of the above.
The expectation is that any code entered using the code block function will result in the code being sanitized and not ingested by the underlying editor.
Then, to follow on from this: even injecting the code without wrapping it in the code blocks results in the same issue. Example below:
Also results in code execution:
Both of the above can be done by simply ingesting the following into the wiki editor:
<script>alert()</script>
I hope this clears it up.
The application does not properly comment out the following code injection:
@@javascript:"/'/`/--><html \" onmouseover=/<svg/*/onload=alert()//>@@
The above still provides XSS execution, as shown in the picture below: https://i.imgur.com/nvSl2Z7.png
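Added example, not part of the original report and not the project's own code: an escape-first preview renderer that HTML-encodes the whole submission before emitting any markup, run over the payloads quoted in the report. The names `escapeHtml` and `renderPreview` are hypothetical, and treating `@@...@@` as the code-span delimiter is an assumption based on the last payload above.

```javascript
// Added example: escape everything first, then emit only renderer-owned markup.
// escapeHtml / renderPreview are hypothetical names, not the wiki's API.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: @@...@@ marks a code span. Because the input is already
// encoded when the span is wrapped, the only tags in the output are the
// <pre><code> pair written here; nothing the user typed can become a tag
// or an attribute, inside or outside a code span.
function renderPreview(wikiText) {
  const escaped = escapeHtml(wikiText);
  return escaped.replace(
    /@@([\s\S]*?)@@/g,
    (_, body) => `<pre><code>${body}</code></pre>`
  );
}

// Constructed inputs: the payloads quoted in the report, bare and wrapped.
const SAMPLES = [
  '<script>alert()</script>',
  '@@<script>alert()</script>@@',
  '@@javascript:"/\'/`/--><html \\" onmouseover=/<svg/*/onload=alert()//>@@',
];

// Returns true when the rendered HTML contains no tags other than the
// renderer's own <pre><code> wrapper.
function onlyRendererMarkup(html) {
  const stripped = html.split('<pre><code>').join('').split('</code></pre>').join('');
  return !/[<>]/.test(stripped);
}

for (const sample of SAMPLES) {
  const html = renderPreview(sample);
  console.log(onlyRendererMarkup(html) ? 'inert ' : 'UNSAFE', html);
}
```

The same encoding has to be applied wherever the preview is produced, server-side or client-side, and the result must be inserted without a later decoding step.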